Re: CAS authentication / authorization: msg#00036 jetspeed-dev-portals.apache.org

Hi David,

with updated source (see attached) I get attached exception and on the console:
gr.uportal.filter
user: nipapado
user: nipapado not in portal db
user: nipapado not created1

thnx for your time,
V.

David Sean Taylor wrote:

On Jul 21, 2009, at 1:35 AM, Evangelos Vlachogiannis wrote:

Hi again,

thnx for the response. I use jetspeed 2.2 but I do not want to talk directly to the LDAP.
I am introducing a filter based on PortalFilter (see attached CASPortalFilter.java implementation in order to: (http://u-portal.gunet.gr:8080/uportal3/ )
- get the username of authenticated user -> done
- if username does not appear in portal db -> create new user with username and assign default group/roles (in future I plan to introduce a mapping mechanism)
- put principal in portal context

Problems till now:
- exception (see attached exception.txt) Any help ??
- As the CAS filter has a url-pattern="/*" (see web.xml) how can a user see public pages without being redirected to CAS
Any help would be appreciated.

From the line number of the NPE, my guess is that the user is null

Do you see any of these exceptions occurring?

} catch (RegistrationException e1) {
// TODO Auto-generated catch block
System.out.println("user: " + userName + "
not created");
} catch (SecurityException e1) {
// TODO Auto-generated catch block
System.out.println("user: " + userName + "
not created");
}

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@xxxxxxxxxxxxxxxxxx
For additional commands, e-mail: jetspeed-dev-help@xxxxxxxxxxxxxxxxxx

No virus found in this incoming message.
Checked by AVG - www.avg.com Version: 8.5.392 / Virus Database: 270.13.20/2251 - Release Date: 07/20/09 18:29:00

/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package gr.uportal.filter;

import java.io.IOException;
import java.security.Principal;
import java.util.List;

import javax.security.auth.Subject;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.jetspeed.Jetspeed;
import org.apache.jetspeed.PortalReservedParameters;
import org.apache.jetspeed.administration.PortalAdministration;
import org.apache.jetspeed.administration.PortalAuthenticationConfiguration;
import org.apache.jetspeed.administration.PortalConfiguration;
import org.apache.jetspeed.administration.RegistrationException;
import org.apache.jetspeed.audit.AuditActivity;
import org.apache.jetspeed.cache.UserContentCacheManager;
import org.apache.jetspeed.components.ComponentManager;
import org.apache.jetspeed.login.LoginConstants;
import org.apache.jetspeed.login.filter.PortalRequestWrapper;
import org.apache.jetspeed.security.AuthenticatedUser;
import org.apache.jetspeed.security.AuthenticatedUserImpl;
import org.apache.jetspeed.security.AuthenticationProvider;
import org.apache.jetspeed.security.SecurityException;
import org.apache.jetspeed.security.SubjectHelper;
import org.apache.jetspeed.security.User;
import org.apache.jetspeed.security.UserManager;

import org.apache.jetspeed.security.RoleManager;
import org.apache.jetspeed.security.GroupManager;

import edu.yale.its.tp.cas.client.filter.CASFilter;

public class CASPortalFilter implements Filter {
protected String guest = "guest";

public void init(FilterConfig filterConfig) throws ServletException {
PortalConfiguration config = Jetspeed.getConfiguration();
if (config != null)
guest = config.getString("default.user.principal");
}

public void doFilter(ServletRequest sRequest, ServletResponse sResponse,
FilterChain filterChain) throws IOException,
ServletException {

HttpServletRequest request = null;
System.out.println("gr.uportal.filter");
request = (HttpServletRequest) sRequest;
ComponentManager cm = Jetspeed.getComponentManager();
UserManager userManager = (UserManager) cm

.getComponent("org.apache.jetspeed.security.UserManager");
HttpSession session = request.getSession(true);

// get username from CAS authentication
String userName = (String) session
.getAttribute(CASFilter.CAS_FILTER_USER);
System.out.println("user: " + userName);
User user = null;
// if user has been authenticated though CAS
if (userName != null) {

RoleManager roleManager = (RoleManager) cm

.getComponent("org.apache.jetspeed.security.RoleManager");
GroupManager groupManager = (GroupManager) cm

.getComponent("org.apache.jetspeed.security.GroupManager");

try {
// check if the user exists in the portal
database
user = userManager.getUser(userName);
} catch (SecurityException e) {
// TODO Auto-generated catch block
System.out.println("user: " + userName + " not
in portal db");
PortalAdministration portalAdministration =
(PortalAdministration) cm

.getComponent("PortalAdministration");
try {
// populate portal db with user and
appropriate group/roles
// FIXME: set default group/role ->
then introduce mapping
// mechanism
List roles =
roleManager.getRoles("user");
List groups =
groupManager.getGroups("");
//
portalAdministration.registerUser(userName,
//
portalAdministration.generatePassword(),roles,
// groups,null,null,null);

portalAdministration.registerUser(userName,

portalAdministration.generatePassword());
user = userManager.getUser(userName);

} catch (RegistrationException e1) {
// TODO Auto-generated catch block
System.out.println("user: " + userName
+ " not created1");
} catch (SecurityException e1) {
// TODO Auto-generated catch block
System.out.println("user: " + userName
+ " not created2");
}
}

// if user has not been authenticated though CAS
//FIXME: How do allow
} else {
//guest account
System.out.println("user: " + "guesss");
}

//put subject into jetspeed

Subject subject;
try {
// default solution using the build-in UserManager
subject = userManager.getSubject(user);
} catch (SecurityException e) {
// TODO: maybe some better handling required here
throw new ServletException(e);
}
sRequest = wrapperRequest(request, subject, user);
request.getSession().removeAttribute(LoginConstants.ERRORCODE);

session.setAttribute(PortalReservedParameters.SESSION_KEY_SUBJECT,
subject);
System.out.println("*** login session = " + session);

sRequest.setAttribute(PortalReservedParameters.PORTAL_FILTER_ATTRIBUTE,
"true");
if (filterChain != null) {
filterChain.doFilter(sRequest, sResponse);
}

}

private ServletRequest wrapperRequest(HttpServletRequest request,
Subject subject, Principal principal) {
PortalRequestWrapper wrapper = new PortalRequestWrapper(request,
subject, principal);
return wrapper;
}

public void destroy() {
}
}
HTTP Status 500 -

type Exception report

message

description The server encountered an internal error () that prevented it from
fulfilling this request.

exception

java.lang.NullPointerException

org.apache.jetspeed.security.spi.impl.JetspeedSecurityPersistenceManager.getPasswordCredential(JetspeedSecurityPersistenceManager.java:495)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)

org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)

org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)

org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)

org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)

org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)

org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
$Proxy3.getPasswordCredential(Unknown Source)

org.apache.jetspeed.security.spi.impl.UserPasswordCredentialManagerImpl.getPasswordCredential(UserPasswordCredentialManagerImpl.java:51)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)

org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)

org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)

org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)

org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)

org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)

org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
$Proxy5.getPasswordCredential(Unknown Source)

org.apache.jetspeed.security.impl.UserManagerImpl.getPasswordCredential(UserManagerImpl.java:119)

org.apache.jetspeed.security.impl.UserManagerImpl.getSubject(UserManagerImpl.java:128)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
java.lang.reflect.Method.invoke(Method.java:597)

org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)

org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:182)

org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)

org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106)

org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)

org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
$Proxy6.getSubject(Unknown Source)
gr.uportal.filter.CASPortalFilter.doFilter(CASPortalFilter.java:132)

org.apache.jetspeed.engine.servlet.XXSUrlAttackFilter.doFilter(XXSUrlAttackFilter.java:52)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:401)

note The full stack trace of the root cause is available in the Apache
Tomcat/6.0.18 logs.
Apache Tomcat/6.0.18
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@xxxxxxxxxxxxxxxxxx
For additional commands, e-mail: jetspeed-dev-help@xxxxxxxxxxxxxxxxxx